Growing Internet Security Incidents Lead to a Wider Acceptance of Class Action Lawsuits as Remedy

In many ways, the Internet has made our lives easier and more efficient. Most of us now routinely turn to the World Wide Web for communication, information, and transactions of all kinds. But this growing reliance on electronic communications comes with a cost, and that’s the potential exposure of our sensitive personal information. Information that, when placed in the wrong hands, can cause financial peril for innocent victims.

Unfortunately, data breaches of this kind occur frequently. In 2011, 174 million records were lost in 855 reported incidents. Even more concerning is a 2011 study of 580 IT professionals that showed 90 percent of the U.S. companies they worked for experienced at least one data breach, with 59 percent saying they experienced two or more within the last 12 months.

A few of the most recent and largest data breaches include:

  • October 2012 – A server at South Carolina’s Department of Revenue was hacked, exposing 3.6 million Social Security numbers and 387,000 credit card and debit card numbers
  • April 2011 – 77 million accounts of a popular gaming system were compromised; 12 million of those had unencrypted credit card numbers
  • March 2011 – The names and emails of millions of customers of retail stores across the country and large financial firms were breached. The companies were clients of a large data marketing firm

Class Action Lawsuits to Address Needs of Victims of Data Breaches

A remedy for victims of data security breach is to file a class action lawsuit. It wasn’t too long ago that federal judges typically dismissed class action lawsuits involving data breaches unless the victims could pinpoint actual damages. As the potential damages of data security breaches have become more widely understood, judges have similarly broadened their view of class actions in this area. They are now more likely to award class-action status to lawsuits where not only actual damages are present, but also the likelihood that victims will suffer damages in the future.

Proposed New Law May Not Offer Enough Protection from Cyberspace ID Theft

Congress, too, has awakened to the dangers of data breaches. In June of this year, the U.S. Senate introduced a bill – the Data Security and Breach Notification Act of 2012 – that would set a national standard for data breach notification. Currently, there is no nationwide standard, with 46 states offering different laws and, therefore, differing consumer protection levels. Lacking one national standard, companies can find ways to dodge alerting their customers of possible security breaches.

However, this bill is not a panacea. It does not specify the measures a company must take to protect customer data, leaving a gaping gray area in terms of a company’s responsibilities when its data is breached.

That’s why our court system and attorneys who represent the rights of data breach victims will continue to play an essential role in obtaining justice for those who have been harmed.